我使用Spring Security的,我想用另一个网站作为我的认证供应商之一。我在我的网站上有一个基于表单的基本登录。我希望在我的网站上有一个链接,让用户访问他们将登录的外部网站,然后外部网站会将xml响应发回给我,并提供可验证的数据以查看登录是否成功。任何帮助将不胜感激!集成单点登录使用Spring的安全
- 你怎么集成了流入春季安全?
- 一旦我得到的回应回来,我将如何自动登录的用户吗?
例如使用下面的指导:
滤波器(未示出我的数据从XML脱落请求):
public class XMLAuthenticationFilter extends AbstractAuthenticationProcessingFilter{
public XMLAuthenticationFilter() {
super("/xml_security_check");
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException,
IOException, ServletException {
GrantedAuthority[] grantedAuthorities = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER")};
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("userid", "pwd", grantedAuthorities);
request.getSession();
token.setDetails(new WebAuthenticationDetails(request));
Authentication authenticatedUser = super.getAuthenticationManager().authenticate(token);
SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
return authenticatedUser;
}
}
验证提供者:
public class XMLAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider{
private UserManager userManager;
@Override
protected void additionalAuthenticationChecks(UserDetails user, UsernamePasswordAuthenticationToken token) throws AuthenticationException {
}
@Override
protected UserDetails retrieveUser(String userName, UsernamePasswordAuthenticationToken token) throws AuthenticationException {
UserDetails user = userManager.getUser(userName);
if(user == null){
Users newDCUser = new Users();
newDCUser.setUserId(userName);
newDCUser.setRawPassword((String) token.getCredentials());
newDCUser.setFailedLoginAttempts(0);
newDCUser.setBeginEffectiveDate(new Date());
newDCUser.setEndEffectiveDate(getEffectiveDate());
userManager.saveUser(newDCUser);
}
return userManager.loadUserByUsername(userName);
}
private Date getEffectiveDate(){
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.YEAR, 10);
return calendar.getTime();
}
public UserManager getUserManager() {
return userManager;
}
public void setUserManager(UserManager userManager) {
this.userManager = userManager;
}
}
豆配置:
<bean id="xmlAuthenticationFilter" class="com.dc.api.service.impl.XMLAuthenticationFilter">
<property name="authenticationManager" ref="am" />
</bean>
<bean id="xmlAuthenticationProvider" class="com.dc.api.service.impl.XMLAuthenticationProvider">
<property name="userManager" ref="userManager"/>
</bean>
是否在外部网站使用Spring Security,是它在同一个域中? – sourcedelica 2011-03-19 22:17:26
嗨ericacm,谢谢你的回应。否这两个问题。我必须重定向到它,然后他们用一个xml来回发给我一个POST,我必须解析并使用它的属性来判断用户是否成功通过验证。有任何想法吗? – c12 2011-03-19 23:08:18
它是SAML还是一些自定义XML,对于该网站来说是独一无二的? – sourcedelica 2011-03-19 23:24:32